
@mattgillard
Created August 18, 2021 23:04
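Sample decrypted error message from a failed Auto Scaling launch. It demonstrates the keys the AWS EC2 service presented in the request (under `context.conditions`) and the policy statement that failed the request (under `matchedStatements`): here an explicit DENY from the statement `AllowUserAgent`.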
{
"allowed": false,
"explicitDeny": true,
"matchedStatements": {
"items": [
{
"statementId": "AllowUserAgent",
"effect": "DENY",
"principals": {
"items": []
},
"principalGroups": {
"items": [
{
"value": "AGXXXXXXX"
}
]
},
"actions": {
"items": [
{
"value": "ec2:*Instances"
}
]
},
"resources": {
"items": [
{
"value": "*"
}
]
},
"conditions": {
"items": [
{
"key": "",
"values": {
"items": [
{
"value": "myuseragent/*"
},
{
"value": "autoscaling.amazonaws.com"
}
]
}
}
]
}
}
]
},
"failures": {
"items": []
},
"context": {
"principal": {
"id": "AIDXXXXXX",
"name": "myapiuser",
"arn": "arn:aws:iam::999999999999:user/myapiuser"
},
"action": "ec2:RunInstances",
"resource": "arn:aws:ec2:ap-southeast-2:999999999999:instance/*",
"conditions": {
"items": [
{
"key": "ec2:InstanceMarketType",
"values": {
"items": [
{
"value": "on-demand"
}
]
}
},
{
"key": "aws:Resource",
"values": {
"items": [
{
"value": "instance/*"
}
]
}
},
{
"key": "aws:Account",
"values": {
"items": [
{
"value": "999999999999"
}
]
}
},
{
"key": "ec2:AvailabilityZone",
"values": {
"items": [
{
"value": "ap-southeast-2b"
}
]
}
},
{
"key": "ec2:ebsOptimized",
"values": {
"items": [
{
"value": "false"
}
]
}
},
{
"key": "ec2:IsLaunchTemplateResource",
"values": {
"items": [
{
"value": "true"
}
]
}
},
{
"key": "ec2:InstanceType",
"values": {
"items": [
{
"value": "t2.micro"
}
]
}
},
{
"key": "ec2:RootDeviceType",
"values": {
"items": [
{
"value": "ebs"
}
]
}
},
{
"key": "ec2:InstanceProfile",
"values": {
"items": [
{
"value": "arn:aws:iam::999999999999:instance-profile/my-InstanceProfile"
}
]
}
},
{
"key": "aws:Region",
"values": {
"items": [
{
"value": "ap-southeast-2"
}
]
}
},
{
"key": "aws:Service",
"values": {
"items": [
{
"value": "ec2"
}
]
}
},
{
"key": "ec2:InstanceID",
"values": {
"items": [
{
"value": "*"
}
]
}
},
{
"key": "aws:Type",
"values": {
"items": [
{
"value": "instance"
}
]
}
},
{
"key": "ec2:Tenancy",
"values": {
"items": [
{
"value": "default"
}
]
}
},
{
"key": "ec2:Region",
"values": {
"items": [
{
"value": "ap-southeast-2"
}
]
}
},
{
"key": "aws:ARN",
"values": {
"items": [
{
"value": "arn:aws:ec2:ap-southeast-2:999999999999:instance/*"
}
]
}
},
{
"key": "ec2:LaunchTemplate",
"values": {
"items": [
{
"value": "arn:aws:ec2:ap-southeast-2:999999999999:launch-template/lt-0faaaaaaaaaaa"
}
]
}
}
]
}
}
}